{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","type":"deb","namespace":"debian","name":"radare2","version":"6.0.7+ds-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.1.6+ds-2","latest_non_vulnerable_version":"6.1.6+ds-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99830?format=json","vulnerability_id":"VCID-1a9j-ensr-uqdv","summary":"radare2 v5.9.8 and before contains a memory leak in the function bochs_open.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60361","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05731","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05689","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05725","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05744","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05732","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60361"},{"reference_url":"https://github.com/radareorg/radare2/pull/24312","reference_id":"24312","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:45:38Z/"}],"url":"https://github.com/radareorg/radare2/pull/24312"},{"reference_url":"https://usn.ubuntu.com/7915-1/","reference_id":"USN-7915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-60361"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1a9j-ensr-uqdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99831?format=json","vulnerability_id":"VCID-1aqr-mfkx-gkgx","summary":"A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63744","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13164","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13087","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13055","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13126","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13168","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63744"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120792","reference_id":"1120792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120792"},{"reference_url":"https://github.com/radareorg/radare2/issues/24661","reference_id":"24661","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/"}],"url":"https://github.com/radareorg/radare2/issues/24661"},{"reference_url":"https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79","reference_id":"e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/"}],"url":"https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79"},{"reference_url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md","reference_id":"MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/"}],"url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md"},{"reference_url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_dyldcache.md","reference_id":"radare2-nullptr-deref-bin_dyldcache.md","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/"}],"url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_dyldcache.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-63744"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1aqr-mfkx-gkgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99750?format=json","vulnerability_id":"VCID-1d7d-jxht-43ab","summary":"Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32494","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46228","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46265","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46245","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46218","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46195","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46263","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32494"},{"reference_url":"https://github.com/radareorg/radare2/issues/18667","reference_id":"18667","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-12T19:47:10Z/"}],"url":"https://github.com/radareorg/radare2/issues/18667"},{"reference_url":"https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62","reference_id":"a07dedb804a82bc01c07072861942dd80c6b6d62","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-12T19:47:10Z/"}],"url":"https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2021-32494"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1d7d-jxht-43ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99694?format=json","vulnerability_id":"VCID-1dn1-fc7u-7yb2","summary":"The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15385","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51934","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51994","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.52004","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51984","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51952","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51972","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15385"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879119","reference_id":"879119","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879119"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126381?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-15385"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dn1-fc7u-7yb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99754?format=json","vulnerability_id":"VCID-212q-8vxd-8ya6","summary":"A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4021","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53917","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53916","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53894","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63322","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6327","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63314","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490","reference_id":"1014490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490"},{"reference_url":"https://security.archlinux.org/AVG-2583","reference_id":"AVG-2583","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2583"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2021-4021"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-212q-8vxd-8ya6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6872?format=json","vulnerability_id":"VCID-263d-wbpy-yfgh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44975","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4085","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40869","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40839","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55135","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5507","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55129","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44975"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490","reference_id":"1014490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490"},{"reference_url":"https://security.archlinux.org/AVG-2748","reference_id":"AVG-2748","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2021-44975"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-263d-wbpy-yfgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6871?format=json","vulnerability_id":"VCID-26k3-cgue-xka1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0419","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48297","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4823","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48293","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48263","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48278","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4825","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0419"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"},{"reference_url":"https://security.archlinux.org/AVG-2748","reference_id":"AVG-2748","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0419"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26k3-cgue-xka1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99764?format=json","vulnerability_id":"VCID-271x-bszx-xydc","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0676","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59089","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59137","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59142","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59134","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59116","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59132","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0676"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0676"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-271x-bszx-xydc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99781?format=json","vulnerability_id":"VCID-28x1-kz2t-4fe3","summary":"NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1382","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48382","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48444","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4845","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48431","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48402","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48414","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1382"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1382"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28x1-kz2t-4fe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99808?format=json","vulnerability_id":"VCID-2a5c-9nb8-vugb","summary":"An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46570","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33673","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33704","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33717","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33684","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33649","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46570"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908","reference_id":"1054908","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908"},{"reference_url":"https://github.com/radareorg/radare2/issues/22333","reference_id":"22333","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:52:30Z/"}],"url":"https://github.com/radareorg/radare2/issues/22333"},{"reference_url":"https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6","reference_id":"d7fa58f1b3418ef08ad244acccc10ba6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:52:30Z/"}],"url":"https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2023-46570"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a5c-9nb8-vugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99706?format=json","vulnerability_id":"VCID-2pgt-pxxn-ryge","summary":"The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6448","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48236","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48298","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48302","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48284","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48255","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48268","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6448"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859447","reference_id":"859447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859447"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126382?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-6448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pgt-pxxn-ryge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99820?format=json","vulnerability_id":"VCID-2pj5-h3pj-yfh1","summary":"A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5642","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3664","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36695","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36703","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36667","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3663","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5642"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24231","reference_id":"24231","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://github.com/radareorg/radare2/issues/24231"},{"reference_url":"https://github.com/radareorg/radare2/issues/24231#issuecomment-2918848163","reference_id":"24231#issuecomment-2918848163","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://github.com/radareorg/radare2/issues/24231#issuecomment-2918848163"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311130","reference_id":"?ctiid.311130","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://vuldb.com/?ctiid.311130"},{"reference_url":"https://vuldb.com/?id.311130","reference_id":"?id.311130","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://vuldb.com/?id.311130"},{"reference_url":"https://vuldb.com/?submit.586910","reference_id":"?submit.586910","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://vuldb.com/?submit.586910"},{"reference_url":"https://drive.google.com/file/d/1joXpofhKSeb3uJ034ayVuWIoJj08gm_9/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://drive.google.com/file/d/1joXpofhKSeb3uJ034ayVuWIoJj08gm_9/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-5642"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pj5-h3pj-yfh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99797?format=json","vulnerability_id":"VCID-2u7f-p3eg-2bbe","summary":"A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28072","reference_id":"","reference_type":"","scores":[{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74085","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74071","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74053","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74079","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77684","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77657","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28072"},{"reference_url":"https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45","reference_id":"027cd9b7274988bb1af866539ba6c2fa2ff63e45","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:38:19Z/"}],"url":"https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-28072"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u7f-p3eg-2bbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99836?format=json","vulnerability_id":"VCID-2zpe-735q-yydx","summary":"radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41015","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02541","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02487","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02525","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02593","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02596","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41015"},{"reference_url":"https://github.com/radareorg/radare2/issues/25650","reference_id":"25650","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/issues/25650"},{"reference_url":"https://github.com/radareorg/radare2/pull/25651","reference_id":"25651","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/pull/25651"},{"reference_url":"https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2","reference_id":"9236f44a28812fe911814e1b3a7bcf1e4de5d3c2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2"},{"reference_url":"https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5","reference_id":"SECURITY.md?plain=1#L3-L5","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126385?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2026-41015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zpe-735q-yydx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99734?format=json","vulnerability_id":"VCID-316m-re33-kkfn","summary":"In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8809","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32051","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32092","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32055","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32023","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32046","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895751","reference_id":"895751","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895751"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-8809"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-316m-re33-kkfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99759?format=json","vulnerability_id":"VCID-35kw-9aht-rffy","summary":"Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0519","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47449","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47514","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47516","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47498","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47468","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47482","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0519"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0519"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35kw-9aht-rffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99777?format=json","vulnerability_id":"VCID-3gw8-k4ps-5kgq","summary":"NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1283","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36261","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36274","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50884","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50946","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5093","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1283"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1283"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gw8-k4ps-5kgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99733?format=json","vulnerability_id":"VCID-3hag-6dc7-73ep","summary":"In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8808","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45473","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45461","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8808"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895752","reference_id":"895752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895752"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-8808"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hag-6dc7-73ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99726?format=json","vulnerability_id":"VCID-3mwt-8jh1-p3dr","summary":"In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20455","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39085","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39173","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39179","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39151","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39123","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39135","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126392?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-20455"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mwt-8jh1-p3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99768?format=json","vulnerability_id":"VCID-3u1s-fwgu-tubt","summary":"Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0849","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50262","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50234","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50254","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50193","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50243","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50215","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0849"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0849"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3u1s-fwgu-tubt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99727?format=json","vulnerability_id":"VCID-45j2-ft5m-zkbg","summary":"In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20456","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3949","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39495","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39466","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39436","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39451","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126392?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-20456"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45j2-ft5m-zkbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99822?format=json","vulnerability_id":"VCID-47wc-uyb4-w3dv","summary":"A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5644","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31383","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31302","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31279","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31311","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31349","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5644"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24233","reference_id":"24233","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://github.com/radareorg/radare2/issues/24233"},{"reference_url":"https://github.com/radareorg/radare2/issues/24233#issuecomment-2918847833","reference_id":"24233#issuecomment-2918847833","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://github.com/radareorg/radare2/issues/24233#issuecomment-2918847833"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311132","reference_id":"?ctiid.311132","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://vuldb.com/?ctiid.311132"},{"reference_url":"https://vuldb.com/?id.311132","reference_id":"?id.311132","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://vuldb.com/?id.311132"},{"reference_url":"https://vuldb.com/?submit.586921","reference_id":"?submit.586921","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://vuldb.com/?submit.586921"},{"reference_url":"https://drive.google.com/file/d/1VtiMMp7ECun3sq3AwlqQrU9xEPA45eOz/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://drive.google.com/file/d/1VtiMMp7ECun3sq3AwlqQrU9xEPA45eOz/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-5644"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47wc-uyb4-w3dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99710?format=json","vulnerability_id":"VCID-4chg-e4a8-1bat","summary":"The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7946","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43092","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43166","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43175","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43153","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43118","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43128","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7946"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860962","reference_id":"860962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860962"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126386?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-7946"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4chg-e4a8-1bat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99803?format=json","vulnerability_id":"VCID-528b-ffmw-cfgq","summary":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0302","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39431","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39475","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39447","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39417","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39384","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39471","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0302"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029037","reference_id":"1029037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029037"},{"reference_url":"https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e","reference_id":"583133af-7ae6-4a21-beef-a4b0182cf82e","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:47:04Z/"}],"url":"https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e"},{"reference_url":"https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce","reference_id":"961f0e723903011d4f54c2396e44efa91fcc74ce","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:47:04Z/"}],"url":"https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2023-0302"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-528b-ffmw-cfgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99774?format=json","vulnerability_id":"VCID-529q-ssq4-cuf3","summary":"Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1238","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49425","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49395","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49407","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50587","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50648","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50656","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1238"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1238"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-529q-ssq4-cuf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99752?format=json","vulnerability_id":"VCID-56j9-qfdv-vbat","summary":"In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32613","reference_id":"","reference_type":"","scores":[{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50131","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50061","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50122","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50105","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50116","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50087","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32613"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989067","reference_id":"989067","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989067"},{"reference_url":"https://security.archlinux.org/ASA-202106-40","reference_id":"ASA-202106-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-40"},{"reference_url":"https://security.archlinux.org/AVG-1950","reference_id":"AVG-1950","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1950"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2021-32613"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56j9-qfdv-vbat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99819?format=json","vulnerability_id":"VCID-597e-ks5a-83cg","summary":"A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". An additional warning regarding threading support has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5641","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34929","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34907","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34944","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3498","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34964","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5641"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24230","reference_id":"24230","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://github.com/radareorg/radare2/issues/24230"},{"reference_url":"https://github.com/radareorg/radare2/issues/24230#issuecomment-2919612676","reference_id":"24230#issuecomment-2919612676","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://github.com/radareorg/radare2/issues/24230#issuecomment-2919612676"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311129","reference_id":"?ctiid.311129","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://vuldb.com/?ctiid.311129"},{"reference_url":"https://vuldb.com/?id.311129","reference_id":"?id.311129","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://vuldb.com/?id.311129"},{"reference_url":"https://vuldb.com/?submit.586909","reference_id":"?submit.586909","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://vuldb.com/?submit.586909"},{"reference_url":"https://drive.google.com/file/d/1oG5IC7qhL_SJsIHpnWp7MZlWJGYt8qWZ/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://drive.google.com/file/d/1oG5IC7qhL_SJsIHpnWp7MZlWJGYt8qWZ/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-5641"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-597e-ks5a-83cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99732?format=json","vulnerability_id":"VCID-5afs-ezhy-vfgd","summary":"In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20461","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39137","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39226","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39231","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39204","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39176","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39189","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20461"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126392?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-20461"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5afs-ezhy-vfgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99748?format=json","vulnerability_id":"VCID-5daz-bxzy-a7db","summary":"A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27794","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55455","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5551","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55516","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55504","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55485","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27794"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126398?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2020-27794"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5daz-bxzy-a7db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99821?format=json","vulnerability_id":"VCID-5fvj-m3cn-2kfj","summary":"A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5643","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36695","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3664","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3663","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36667","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36703","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5643"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24232","reference_id":"24232","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://github.com/radareorg/radare2/issues/24232"},{"reference_url":"https://github.com/radareorg/radare2/issues/24232#issuecomment-2918841776","reference_id":"24232#issuecomment-2918841776","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://github.com/radareorg/radare2/issues/24232#issuecomment-2918841776"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311131","reference_id":"?ctiid.311131","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://vuldb.com/?ctiid.311131"},{"reference_url":"https://vuldb.com/?id.311131","reference_id":"?id.311131","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://vuldb.com/?id.311131"},{"reference_url":"https://vuldb.com/?submit.586912","reference_id":"?submit.586912","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://vuldb.com/?submit.586912"},{"reference_url":"https://drive.google.com/file/d/1XsoyD7lMC-9a9Cxhld8sdEE-0PF3lxvB/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://drive.google.com/file/d/1XsoyD7lMC-9a9Cxhld8sdEE-0PF3lxvB/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-5643"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fvj-m3cn-2kfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99728?format=json","vulnerability_id":"VCID-5htw-eeb4-wqgt","summary":"In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20457","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37113","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37204","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37211","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37178","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37139","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37153","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20457"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322","reference_id":"917322","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126393?format=json","purl":"pkg:deb/debian/radare2@3.2.1%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.2.1%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-20457"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5htw-eeb4-wqgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99804?format=json","vulnerability_id":"VCID-5xhz-41hj-ruex","summary":"Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1605","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3502","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35041","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50763","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50702","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50769","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50749","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1605"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034180","reference_id":"1034180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034180"},{"reference_url":"https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f","reference_id":"508a6307045441defd1bef0999a1f7052097613f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T19:30:31Z/"}],"url":"https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f"},{"reference_url":"https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2","reference_id":"9dddcf5b-7dd4-46cc-abf9-172dce20bab2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T19:30:31Z/"}],"url":"https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2023-1605"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xhz-41hj-ruex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6289?format=json","vulnerability_id":"VCID-64js-8hb7-9ye5","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11380","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48288","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48246","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11380"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11380"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64js-8hb7-9ye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6291?format=json","vulnerability_id":"VCID-6n3h-w7tb-jfdn","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11378","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.422","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42115","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42189","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42147","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42172","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42137","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11378"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11378"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6n3h-w7tb-jfdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99724?format=json","vulnerability_id":"VCID-6xpt-u76f-yucb","summary":"getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19842","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54748","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54806","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54816","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54809","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5479","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5481","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19842"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126391?format=json","purl":"pkg:deb/debian/radare2@3.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-19842"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xpt-u76f-yucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99799?format=json","vulnerability_id":"VCID-73r4-7kf6-e3a3","summary":"Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34502","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18058","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17982","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18001","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34064","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34165","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3418","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34502"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979","reference_id":"1016979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-34502"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73r4-7kf6-e3a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99801?format=json","vulnerability_id":"VCID-78yy-tdmx-tyb2","summary":"Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4398","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57668","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57673","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57664","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57651","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57613","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57665","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4398"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027144","reference_id":"1027144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027144"},{"reference_url":"https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8","reference_id":"b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:50:32Z/"}],"url":"https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8"},{"reference_url":"https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2","reference_id":"c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:50:32Z/"}],"url":"https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-4398"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78yy-tdmx-tyb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99769?format=json","vulnerability_id":"VCID-7aep-ks5e-tbc9","summary":"Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1031","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50905","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50967","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50972","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50921","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50938","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1031"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7aep-ks5e-tbc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99697?format=json","vulnerability_id":"VCID-7bjr-2bf3-aqau","summary":"In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16357","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43981","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44051","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44059","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44035","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43999","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44008","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16357"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880620","reference_id":"880620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880620"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126381?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-16357"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bjr-2bf3-aqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99770?format=json","vulnerability_id":"VCID-8cte-5c2k-73hs","summary":"Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1052","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35261","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35366","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35376","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35341","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.353","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35319","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1052"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1052"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cte-5c2k-73hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99699?format=json","vulnerability_id":"VCID-8ee7-tm9m-dqgg","summary":"In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16359","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41032","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41107","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41111","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4108","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41049","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41059","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16359"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880616","reference_id":"880616","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880616"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126381?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-16359"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ee7-tm9m-dqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99812?format=json","vulnerability_id":"VCID-8x34-en3x-sfc4","summary":"An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26475","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18094","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17981","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17999","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18092","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18056","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26475"},{"reference_url":"https://github.com/TronciuVlad/CVE-2024-26475","reference_id":"CVE-2024-26475","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T16:01:17Z/"}],"url":"https://github.com/TronciuVlad/CVE-2024-26475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2024-26475"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8x34-en3x-sfc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99811?format=json","vulnerability_id":"VCID-931k-hfzj-dke8","summary":"A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing​","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11858","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16797","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16679","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16696","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16801","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1676","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11858"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329102","reference_id":"show_bug.cgi?id=2329102","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-16T16:38:39Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329102"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126416?format=json","purl":"pkg:deb/debian/radare2@5.9.8%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.8%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2024-11858"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-931k-hfzj-dke8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99814?format=json","vulnerability_id":"VCID-93bv-csbt-xkfj","summary":"Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29646","reference_id":"","reference_type":"","scores":[{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74788","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74799","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74773","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74797","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74791","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29646"},{"reference_url":"https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690","reference_id":"0be4a204e7226fa2cea761c09f027690","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690"},{"reference_url":"https://github.com/radareorg/radare2/pull/22562","reference_id":"22562","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22562"},{"reference_url":"https://github.com/radareorg/radare2/pull/22567","reference_id":"22567","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22567"},{"reference_url":"https://github.com/radareorg/radare2/pull/22572","reference_id":"22572","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22572"},{"reference_url":"https://github.com/radareorg/radare2/pull/22578","reference_id":"22578","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22578"},{"reference_url":"https://github.com/radareorg/radare2/pull/22599","reference_id":"22599","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22599"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2024-29646"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93bv-csbt-xkfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99715?format=json","vulnerability_id":"VCID-98rq-d1rp-suck","summary":"In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10186","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45473","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45461","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10186"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305","reference_id":"897305","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-10186"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98rq-d1rp-suck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99779?format=json","vulnerability_id":"VCID-9au7-u1nr-qfbq","summary":"Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1296","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51925","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51986","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51995","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51975","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51944","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51963","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1296"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9au7-u1nr-qfbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99692?format=json","vulnerability_id":"VCID-9vwh-psmt-mufj","summary":"The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10929","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59089","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59138","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59142","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59134","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59117","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59133","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10929"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867369","reference_id":"867369","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867369"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126380?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-10929"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vwh-psmt-mufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99800?format=json","vulnerability_id":"VCID-9xgb-pquz-afdn","summary":"Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34520","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1551","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15426","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15452","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32218","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3229","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32259","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34520"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979","reference_id":"1016979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-34520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xgb-pquz-afdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99721?format=json","vulnerability_id":"VCID-9y7t-af3t-dqbt","summary":"The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14016","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45473","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45461","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903725","reference_id":"903725","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903725"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126389?format=json","purl":"pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-14016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9y7t-af3t-dqbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99743?format=json","vulnerability_id":"VCID-9yhg-tsfj-9bbr","summary":"radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19647","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64899","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64942","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64952","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.6494","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64929","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64946","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19647"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947402","reference_id":"947402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947402"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126397?format=json","purl":"pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@4.2.1%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2019-19647"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9yhg-tsfj-9bbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99763?format=json","vulnerability_id":"VCID-aedn-7hg9-4fh8","summary":"Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0559","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54836","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54894","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54904","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54895","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54876","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54896","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0559"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0559"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aedn-7hg9-4fh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6287?format=json","vulnerability_id":"VCID-aj1n-z2ys-pygk","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11382","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46218","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46149","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46217","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46183","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46198","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46172","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11382"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126385?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11382"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aj1n-z2ys-pygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99787?format=json","vulnerability_id":"VCID-ajkh-fqb6-9khu","summary":"Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1452","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37702","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37793","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37796","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37766","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37728","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.3774","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1452"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1452"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkh-fqb6-9khu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99696?format=json","vulnerability_id":"VCID-ajv3-arxp-mqbd","summary":"In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15932","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42787","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42862","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42873","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42849","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42812","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42822","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15932"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880024","reference_id":"880024","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126381?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-15932"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajv3-arxp-mqbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99704?format=json","vulnerability_id":"VCID-akfg-zc8q-xfad","summary":"The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6387","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46402","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46468","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46469","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46449","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46423","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46433","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6387"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856574","reference_id":"856574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126384?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-6387"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akfg-zc8q-xfad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6290?format=json","vulnerability_id":"VCID-bbby-6p32-aqh9","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11379","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48288","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48246","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11379"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11379"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbby-6p32-aqh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99718?format=json","vulnerability_id":"VCID-bbgd-2san-sbgr","summary":"There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12321","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37729","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3782","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37823","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37792","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37755","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37767","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12321"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901629","reference_id":"901629","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901629"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126388?format=json","purl":"pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-12321"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbgd-2san-sbgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99772?format=json","vulnerability_id":"VCID-bpjn-65es-abcc","summary":"Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1207","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28158","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28229","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28178","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41511","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4148","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4149","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1207"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1207"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpjn-65es-abcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99832?format=json","vulnerability_id":"VCID-bq1w-2kda-pqft","summary":"A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63745","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0799","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0795","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07931","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0798","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08005","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63745"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120793","reference_id":"1120793","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120793"},{"reference_url":"https://github.com/radareorg/radare2/issues/24660","reference_id":"24660","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/"}],"url":"https://github.com/radareorg/radare2/issues/24660"},{"reference_url":"https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd","reference_id":"6c5df3f8570d4f0c360681c08241ad8af3b919fd","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/"}],"url":"https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd"},{"reference_url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md","reference_id":"MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/"}],"url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md"},{"reference_url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_ne.md","reference_id":"radare2-nullptr-deref-bin_ne.md","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/"}],"url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_ne.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-63745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bq1w-2kda-pqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99827?format=json","vulnerability_id":"VCID-byrw-8suj-7fad","summary":"radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60358","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05641","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05601","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05638","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0566","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05642","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60358"},{"reference_url":"https://github.com/radareorg/radare2/pull/24224","reference_id":"24224","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T13:35:56Z/"}],"url":"https://github.com/radareorg/radare2/pull/24224"},{"reference_url":"https://usn.ubuntu.com/7842-1/","reference_id":"USN-7842-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7842-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-60358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-byrw-8suj-7fad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99775?format=json","vulnerability_id":"VCID-c4cf-mduy-aufy","summary":"Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1240","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37965","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37977","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47197","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47263","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47265","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47247","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1240"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1240"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4cf-mduy-aufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99815?format=json","vulnerability_id":"VCID-cms9-2dwc-sffv","summary":"An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48241","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22886","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22779","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22776","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22826","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2287","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48241"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088693","reference_id":"1088693","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088693"},{"reference_url":"https://github.com/radareorg/radare2/issues/23317","reference_id":"23317","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/"}],"url":"https://github.com/radareorg/radare2/issues/23317"},{"reference_url":"https://github.com/radareorg/radare2/pull/23318","reference_id":"23318","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/"}],"url":"https://github.com/radareorg/radare2/pull/23318"},{"reference_url":"https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md","reference_id":"CVE-2024-48241.md","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/"}],"url":"https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126416?format=json","purl":"pkg:deb/debian/radare2@5.9.8%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.8%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2024-48241"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cms9-2dwc-sffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99707?format=json","vulnerability_id":"VCID-ct3w-kha3-huc4","summary":"The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7274","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45539","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45608","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45612","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45592","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45567","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4558","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126385?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-7274"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct3w-kha3-huc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6873?format=json","vulnerability_id":"VCID-ctkt-wypn-ryad","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44974","reference_id":"","reference_type":"","scores":[{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47051","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.4707","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.4704","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57736","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57676","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57727","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44974"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490","reference_id":"1014490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490"},{"reference_url":"https://security.archlinux.org/AVG-2748","reference_id":"AVG-2748","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2021-44974"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctkt-wypn-ryad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99818?format=json","vulnerability_id":"VCID-d64r-k8t1-c3aj","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1864","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59035","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5901","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59027","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5903","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59026","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099622","reference_id":"1099622","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099622"},{"reference_url":"https://github.com/radareorg/radare2/pull/23981","reference_id":"23981","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-03T14:09:22Z/"}],"url":"https://github.com/radareorg/radare2/pull/23981"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-1864"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d64r-k8t1-c3aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99810?format=json","vulnerability_id":"VCID-dmqu-p3sr-q3ap","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5686","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24638","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24628","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24572","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24513","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24522","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055854","reference_id":"1055854","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2023-5686"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmqu-p3sr-q3ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99693?format=json","vulnerability_id":"VCID-dmqy-p89x-dfb9","summary":"The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15368","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46898","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46964","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46967","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4695","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46921","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4693","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15368"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878767","reference_id":"878767","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126381?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-15368"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmqy-p89x-dfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99809?format=json","vulnerability_id":"VCID-dra4-gp2n-4ueg","summary":"radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47016","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39259","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39222","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3921","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39237","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39265","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056930","reference_id":"1056930","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056930"},{"reference_url":"https://github.com/radareorg/radare2/issues/22349","reference_id":"22349","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/"}],"url":"https://github.com/radareorg/radare2/issues/22349"},{"reference_url":"https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd","reference_id":"40c9f50e127be80b9d816bce2ab2ee790831aefd","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/"}],"url":"https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd"},{"reference_url":"https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa","reference_id":"65705be4f84269cb7cd725a1d4ab2ffa","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/"}],"url":"https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2023-47016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dra4-gp2n-4ueg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99723?format=json","vulnerability_id":"VCID-dtz5-8nbc-dfd2","summary":"In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15834","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34724","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3482","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34837","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34801","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34765","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34787","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15834"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126390?format=json","purl":"pkg:deb/debian/radare2@2.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-15834"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtz5-8nbc-dfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99796?format=json","vulnerability_id":"VCID-e192-bxh2-3uan","summary":"A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28071","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56129","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56116","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56099","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56121","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56863","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56812","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28071"},{"reference_url":"https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5","reference_id":"65448811e5b9582a19cf631e03cfcaa025a92ef5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:37:37Z/"}],"url":"https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-28071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e192-bxh2-3uan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99825?format=json","vulnerability_id":"VCID-e1er-hwmt-27a6","summary":"A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5647","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34964","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34929","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34907","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34944","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3498","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5647"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24237","reference_id":"24237","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://github.com/radareorg/radare2/issues/24237"},{"reference_url":"https://github.com/radareorg/radare2/issues/24237#issuecomment-2918846137","reference_id":"24237#issuecomment-2918846137","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://github.com/radareorg/radare2/issues/24237#issuecomment-2918846137"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311135","reference_id":"?ctiid.311135","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://vuldb.com/?ctiid.311135"},{"reference_url":"https://vuldb.com/?id.311135","reference_id":"?id.311135","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://vuldb.com/?id.311135"},{"reference_url":"https://vuldb.com/?submit.586928","reference_id":"?submit.586928","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://vuldb.com/?submit.586928"},{"reference_url":"https://drive.google.com/file/d/16ApwSAKLDqm1qzJLe-uUZSCyy8HNG965/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://drive.google.com/file/d/16ApwSAKLDqm1qzJLe-uUZSCyy8HNG965/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-5647"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1er-hwmt-27a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99806?format=json","vulnerability_id":"VCID-e4jj-16ft-dffn","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4322","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47833","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47797","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.4783","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47785","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47815","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4322"},{"reference_url":"https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd","reference_id":"06e2484c-d6f1-4497-af67-26549be9fffd","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/"}],"url":"https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051898","reference_id":"1051898","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051898"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/","reference_id":"64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/"},{"reference_url":"https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd","reference_id":"ba919adb74ac368bf76b150a00347ded78b572dd","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/"}],"url":"https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/","reference_id":"SOZ6XCADVAPAIHMVSV3FUAN742BHXF55","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2023-4322"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4jj-16ft-dffn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99745?format=json","vulnerability_id":"VCID-e8f3-tv1w-tbdc","summary":"radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16269","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57159","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5721","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57218","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57206","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57192","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57209","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16269"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126398?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2020-16269"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8f3-tv1w-tbdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99695?format=json","vulnerability_id":"VCID-ebxg-792p-dqhk","summary":"In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15931","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42787","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42862","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42873","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42849","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42812","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42822","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15931"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025","reference_id":"880025","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126381?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-15931"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebxg-792p-dqhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99702?format=json","vulnerability_id":"VCID-ed41-kzjc-kudr","summary":"The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6197","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51714","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51774","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51783","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51762","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51729","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51748","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6197"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856063","reference_id":"856063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126383?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-6197"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed41-kzjc-kudr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99823?format=json","vulnerability_id":"VCID-eea1-j9cx-yqaf","summary":"A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5645","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34964","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34929","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34907","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34944","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3498","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5645"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24234","reference_id":"24234","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://github.com/radareorg/radare2/issues/24234"},{"reference_url":"https://github.com/radareorg/radare2/issues/24234#issuecomment-2918847551","reference_id":"24234#issuecomment-2918847551","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://github.com/radareorg/radare2/issues/24234#issuecomment-2918847551"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311133","reference_id":"?ctiid.311133","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://vuldb.com/?ctiid.311133"},{"reference_url":"https://vuldb.com/?id.311133","reference_id":"?id.311133","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://vuldb.com/?id.311133"},{"reference_url":"https://vuldb.com/?submit.586922","reference_id":"?submit.586922","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://vuldb.com/?submit.586922"},{"reference_url":"https://drive.google.com/file/d/1LVaraZB30lJXtrvp-4bcEJrZYFJb2bfc/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://drive.google.com/file/d/1LVaraZB30lJXtrvp-4bcEJrZYFJb2bfc/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-5645"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eea1-j9cx-yqaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99731?format=json","vulnerability_id":"VCID-efu8-773f-skeu","summary":"In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20460","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40862","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4094","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40944","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40913","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40882","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40893","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126392?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-20460"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efu8-773f-skeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99790?format=json","vulnerability_id":"VCID-ejan-br63-h3bw","summary":"Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1809","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42093","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42168","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42179","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42151","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42116","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42125","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1809"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejan-br63-h3bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99778?format=json","vulnerability_id":"VCID-eugk-dx54-87b3","summary":"heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1284","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41131","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41206","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.4121","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.4118","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.4115","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41159","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1284"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1284"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eugk-dx54-87b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99758?format=json","vulnerability_id":"VCID-f1hv-4m7t-27a7","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0518","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51411","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51472","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51478","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51456","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51423","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51444","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0518"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0518"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1hv-4m7t-27a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99807?format=json","vulnerability_id":"VCID-fbe4-nm1g-3qc4","summary":"An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46569","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35562","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3561","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35622","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35584","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35546","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46569"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908","reference_id":"1054908","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908"},{"reference_url":"https://github.com/radareorg/radare2/issues/22334","reference_id":"22334","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:50:40Z/"}],"url":"https://github.com/radareorg/radare2/issues/22334"},{"reference_url":"https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8","reference_id":"afeaf8cc958f95876f0ee245b8a002e8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:50:40Z/"}],"url":"https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2023-46569"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbe4-nm1g-3qc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99816?format=json","vulnerability_id":"VCID-fcvm-fheg-k7dr","summary":"A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1378","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10763","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1069","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1067","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10752","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10787","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1378"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098376","reference_id":"1098376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098376"},{"reference_url":"https://github.com/radareorg/radare2/issues/23953","reference_id":"23953","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://github.com/radareorg/radare2/issues/23953"},{"reference_url":"https://github.com/radareorg/radare2/issues/23953#issue-2844325926","reference_id":"23953#issue-2844325926","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://github.com/radareorg/radare2/issues/23953#issue-2844325926"},{"reference_url":"https://github.com/radareorg/radare2/milestone/86","reference_id":"86","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://github.com/radareorg/radare2/milestone/86"},{"reference_url":"https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545","reference_id":"c6c772d2eab692ce7ada5a4227afd50c355ad545","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545"},{"reference_url":"https://vuldb.com/?ctiid.295986","reference_id":"?ctiid.295986","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://vuldb.com/?ctiid.295986"},{"reference_url":"https://vuldb.com/?id.295986","reference_id":"?id.295986","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://vuldb.com/?id.295986"},{"reference_url":"https://vuldb.com/?submit.498499","reference_id":"?submit.498499","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://vuldb.com/?submit.498499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-1378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcvm-fheg-k7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99751?format=json","vulnerability_id":"VCID-fksc-6h4x-3ufk","summary":"Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32495","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55016","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55023","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55014","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54996","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54957","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55015","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32495"},{"reference_url":"https://github.com/radareorg/radare2/issues/18666","reference_id":"18666","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:46:13Z/"}],"url":"https://github.com/radareorg/radare2/issues/18666"},{"reference_url":"https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05","reference_id":"5e16e2d1c9fe245e4c17005d779fde91ec0b9c05","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:46:13Z/"}],"url":"https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2021-32495"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fksc-6h4x-3ufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99701?format=json","vulnerability_id":"VCID-fzt8-4s8y-7kfu","summary":"The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6194","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3533","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3534","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35305","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35264","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35284","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6194"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859448","reference_id":"859448","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859448"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126382?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-6194"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fzt8-4s8y-7kfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99700?format=json","vulnerability_id":"VCID-g3x4-5nuk-4yfz","summary":"In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16805","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42244","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42254","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42227","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42191","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42201","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16805"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882134","reference_id":"882134","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882134"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126381?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-16805"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3x4-5nuk-4yfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71796?format=json","vulnerability_id":"VCID-g6r6-zyw6-c3fk","summary":"The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9763","reference_id":"","reference_type":"","scores":[{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80464","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80506","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80489","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80485","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80491","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80493","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:C"},{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463361","reference_id":"1463361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463361"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423","reference_id":"869423","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126380?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-9763"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6r6-zyw6-c3fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99722?format=json","vulnerability_id":"VCID-gakp-ce6u-1bd6","summary":"The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14017","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45473","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45461","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14017"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903726","reference_id":"903726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903726"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126389?format=json","purl":"pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-14017"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gakp-ce6u-1bd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99703?format=json","vulnerability_id":"VCID-ggnb-smze-8yce","summary":"The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6319","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52819","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.5288","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52886","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52867","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52842","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6319"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856579","reference_id":"856579","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856579"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126384?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-6319"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggnb-smze-8yce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99712?format=json","vulnerability_id":"VCID-h6ym-nqn6-vbfw","summary":"The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9761","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45539","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45608","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45612","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45592","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45567","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4558","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869428","reference_id":"869428","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126380?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-9761"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6ym-nqn6-vbfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99737?format=json","vulnerability_id":"VCID-hc94-w17q-8qde","summary":"In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12802","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.5501","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55067","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55075","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55066","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55049","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55069","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12802"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510","reference_id":"930510","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126394?format=json","purl":"pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2019-12802"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hc94-w17q-8qde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99730?format=json","vulnerability_id":"VCID-hgbb-de2v-qqbb","summary":"In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20459","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39352","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39356","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39328","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39299","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39312","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20459"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322","reference_id":"917322","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126393?format=json","purl":"pkg:deb/debian/radare2@3.2.1%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.2.1%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-20459"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgbb-de2v-qqbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99785?format=json","vulnerability_id":"VCID-hmph-127r-akd3","summary":"heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1444","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.4115","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41159","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52326","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52386","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52393","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52372","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hmph-127r-akd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99719?format=json","vulnerability_id":"VCID-hnec-rv5f-wqh3","summary":"There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12322","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33546","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33648","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33662","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33592","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33614","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12322"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901628","reference_id":"901628","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126388?format=json","purl":"pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-12322"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnec-rv5f-wqh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99805?format=json","vulnerability_id":"VCID-hr61-6m8w-zqhr","summary":"radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27114","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22536","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22638","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22578","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27114"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032667","reference_id":"1032667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032667"},{"reference_url":"https://github.com/radareorg/radare2/issues/21363","reference_id":"21363","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:14:47Z/"}],"url":"https://github.com/radareorg/radare2/issues/21363"},{"reference_url":"https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509","reference_id":"a15067a8eaa836bcc24b0882712c14d1baa66509","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:14:47Z/"}],"url":"https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2023-27114"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hr61-6m8w-zqhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99713?format=json","vulnerability_id":"VCID-hxax-tf4g-xudz","summary":"The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9762","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42241","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42316","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42327","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42299","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42265","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42274","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869426","reference_id":"869426","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126380?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-9762"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxax-tf4g-xudz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6293?format=json","vulnerability_id":"VCID-j4ne-1cz1-pqdg","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11376","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48288","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48246","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11376"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11376"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4ne-1cz1-pqdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99771?format=json","vulnerability_id":"VCID-jfhr-bkk6-xbeg","summary":"Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1061","reference_id":"","reference_type":"","scores":[{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43859","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43929","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43937","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43912","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43877","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43887","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1061"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1061"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfhr-bkk6-xbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99717?format=json","vulnerability_id":"VCID-jgqe-13sd-g7h1","summary":"There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12320","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37729","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3782","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37823","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37792","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37755","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37767","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12320"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901630","reference_id":"901630","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901630"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126388?format=json","purl":"pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-12320"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgqe-13sd-g7h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99788?format=json","vulnerability_id":"VCID-jsnv-6c8t-akhh","summary":"Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1649","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37471","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37564","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37567","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37535","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37495","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37508","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1649"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1649"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jsnv-6c8t-akhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99765?format=json","vulnerability_id":"VCID-k1uv-cvg7-fybq","summary":"Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0695","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55681","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55732","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55714","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55734","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0695"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0695"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1uv-cvg7-fybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99708?format=json","vulnerability_id":"VCID-kg6q-28yr-8kgf","summary":"The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7716","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40175","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40257","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4026","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40231","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40202","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40217","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7716"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126385?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-7716"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kg6q-28yr-8kgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99705?format=json","vulnerability_id":"VCID-kwda-q8cp-bueb","summary":"The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6415","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45967","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46036","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.4604","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46019","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45993","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46004","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6415"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856572","reference_id":"856572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856572"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126384?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-6415"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwda-q8cp-bueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99826?format=json","vulnerability_id":"VCID-m79a-j9rp-1kfu","summary":"A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5648","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34964","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34929","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34907","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34944","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3498","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5648"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24238","reference_id":"24238","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://github.com/radareorg/radare2/issues/24238"},{"reference_url":"https://github.com/radareorg/radare2/issues/24238#issuecomment-2918850876","reference_id":"24238#issuecomment-2918850876","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://github.com/radareorg/radare2/issues/24238#issuecomment-2918850876"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311136","reference_id":"?ctiid.311136","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://vuldb.com/?ctiid.311136"},{"reference_url":"https://vuldb.com/?id.311136","reference_id":"?id.311136","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://vuldb.com/?id.311136"},{"reference_url":"https://vuldb.com/?submit.586929","reference_id":"?submit.586929","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://vuldb.com/?submit.586929"},{"reference_url":"https://drive.google.com/file/d/1StQvpouGzMCOGmF3b5q_NxAJiZwivnjp/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://drive.google.com/file/d/1StQvpouGzMCOGmF3b5q_NxAJiZwivnjp/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-5648"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m79a-j9rp-1kfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6286?format=json","vulnerability_id":"VCID-mgjd-999m-xua8","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11383","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48288","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48246","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11383"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11383"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgjd-999m-xua8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99714?format=json","vulnerability_id":"VCID-n9uz-98rf-zygh","summary":"The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9949","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56858","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56909","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56916","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56904","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56889","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56906","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866068","reference_id":"866068","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126380?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-9949"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9uz-98rf-zygh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99756?format=json","vulnerability_id":"VCID-nj6p-kn6f-9yhd","summary":"radare2 is vulnerable to Out-of-bounds Read","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0173","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47455","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47519","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47521","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47505","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47474","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47487","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0173"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0173"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nj6p-kn6f-9yhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99729?format=json","vulnerability_id":"VCID-p2np-uyh8-bbcz","summary":"In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20458","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39352","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39356","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39328","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39299","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39312","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20458"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126392?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-20458"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2np-uyh8-bbcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99798?format=json","vulnerability_id":"VCID-p3vr-rqjg-2qfp","summary":"A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28073","reference_id":"","reference_type":"","scores":[{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.66155","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.66139","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.66127","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.66144","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.6671","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.6667","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28073"},{"reference_url":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053","reference_id":"59a9dfb60acf8b5c0312061cffd9693fc9526053","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:37:02Z/"}],"url":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-28073"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3vr-rqjg-2qfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99789?format=json","vulnerability_id":"VCID-p6p7-kpfa-8uay","summary":"Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1714","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31075","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31141","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31107","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31072","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31041","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31063","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1714"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1714"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6p7-kpfa-8uay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99725?format=json","vulnerability_id":"VCID-q1y3-xtem-yfba","summary":"opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19843","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37262","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37353","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37359","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37326","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37288","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37303","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19843"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126391?format=json","purl":"pkg:deb/debian/radare2@3.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-19843"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1y3-xtem-yfba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99791?format=json","vulnerability_id":"VCID-qkns-94gq-gqa2","summary":"Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1899","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62591","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62599","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.6259","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62576","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1899"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1899"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkns-94gq-gqa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99784?format=json","vulnerability_id":"VCID-qrhz-71ua-6uge","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1437","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41762","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41728","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41736","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48608","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48671","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.4868","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1437"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1437"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrhz-71ua-6uge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99828?format=json","vulnerability_id":"VCID-qryr-pwu3-h7fz","summary":"radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60359","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05641","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05601","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05638","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0566","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05642","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60359"},{"reference_url":"https://github.com/radareorg/radare2/pull/24215","reference_id":"24215","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:23:06Z/"}],"url":"https://github.com/radareorg/radare2/pull/24215"},{"reference_url":"https://usn.ubuntu.com/7915-1/","reference_id":"USN-7915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-60359"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qryr-pwu3-h7fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6292?format=json","vulnerability_id":"VCID-qsau-m7ab-87dc","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11377","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49261","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49189","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49251","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49226","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49244","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49214","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11377"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11377"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsau-m7ab-87dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99740?format=json","vulnerability_id":"VCID-qvzx-rwr6-skhn","summary":"In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14745","reference_id":"","reference_type":"","scores":[{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.89506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.89524","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.89523","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.89522","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04668","scoring_system":"epss","scoring_elements":"0.8954","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204","reference_id":"934204","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126395?format=json","purl":"pkg:deb/debian/radare2@3.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2019-14745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvzx-rwr6-skhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99753?format=json","vulnerability_id":"VCID-qwu7-6yep-efed","summary":"A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3673","reference_id":"","reference_type":"","scores":[{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76435","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76407","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76434","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76437","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76424","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76413","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3673"},{"reference_url":"https://security.archlinux.org/AVG-2245","reference_id":"AVG-2245","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2245"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2021-3673"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwu7-6yep-efed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99817?format=json","vulnerability_id":"VCID-rgcr-2a87-1yhe","summary":"Out-of-bounds Write vulnerability in radareorg radare2 allows   heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1744","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64079","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64082","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64072","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64059","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64074","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1744"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099620","reference_id":"1099620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099620"},{"reference_url":"https://github.com/radareorg/radare2/pull/23969","reference_id":"23969","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-28T15:21:10Z/"}],"url":"https://github.com/radareorg/radare2/pull/23969"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-1744"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgcr-2a87-1yhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99773?format=json","vulnerability_id":"VCID-rhur-m1kz-b7cr","summary":"Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1237","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42326","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42335","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49371","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49432","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49442","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1237"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhur-m1kz-b7cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58557?format=json","vulnerability_id":"VCID-rrcw-n2jt-sfde","summary":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305","reference_id":"","reference_type":"","scores":[{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.95937","published_at":"2026-06-04T12:55:00Z"},{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.95942","published_at":"2026-06-05T12:55:00Z"},{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.95945","published_at":"2026-06-08T12:55:00Z"},{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.9595","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191049","reference_id":"1191049","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191049"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397","reference_id":"778397","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402","reference_id":"778402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406","reference_id":"778406","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408","reference_id":"778408","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409","reference_id":"778409","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412","reference_id":"778412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"},{"reference_url":"https://usn.ubuntu.com/2594-1/","reference_id":"USN-2594-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2594-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126379?format=json","purl":"pkg:deb/debian/radare2@0.10.5%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0.10.5%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2015-2305"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrcw-n2jt-sfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99782?format=json","vulnerability_id":"VCID-rrwr-rd7m-hkf9","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1383","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.3693","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36892","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36905","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47631","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47694","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47695","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1383"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrwr-rd7m-hkf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99749?format=json","vulnerability_id":"VCID-ruza-mgbw-ckcp","summary":"A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command \"adf\" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27795","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54464","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54521","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54531","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.545","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27795"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126398?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2020-27795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruza-mgbw-ckcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99716?format=json","vulnerability_id":"VCID-rvuh-qtyf-xbc8","summary":"In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10187","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45473","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45461","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305","reference_id":"897305","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-10187"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvuh-qtyf-xbc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99741?format=json","vulnerability_id":"VCID-s28k-xcke-8uex","summary":"In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16718","reference_id":"","reference_type":"","scores":[{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80343","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80368","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80371","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80367","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80362","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80384","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126385?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2019-16718"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s28k-xcke-8uex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99760?format=json","vulnerability_id":"VCID-s37c-fn24-xfch","summary":"Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0521","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47449","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47514","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47516","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47498","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47468","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47482","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0521"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0521"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s37c-fn24-xfch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6294?format=json","vulnerability_id":"VCID-skxz-thh2-6fcj","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11375","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46218","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46149","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46217","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46183","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46198","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46172","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11375"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126385?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11375"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-skxz-thh2-6fcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99747?format=json","vulnerability_id":"VCID-ssnp-b6k6-5ydn","summary":"An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27793","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55455","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5551","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55516","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55504","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55485","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126398?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2020-27793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ssnp-b6k6-5ydn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99720?format=json","vulnerability_id":"VCID-szwb-qryu-e7hh","summary":"The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14015","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45473","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45461","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14015"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903724","reference_id":"903724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126389?format=json","purl":"pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-14015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szwb-qryu-e7hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6285?format=json","vulnerability_id":"VCID-t5vq-q43s-53dy","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11384","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48288","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48246","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11384"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11384"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5vq-q43s-53dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99795?format=json","vulnerability_id":"VCID-t76g-tka2-6bbu","summary":"A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28070","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47887","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47922","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47905","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47875","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48622","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48684","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28070"},{"reference_url":"https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0","reference_id":"4aff1bb00224de4f5bc118f987dfd5d2fe3450d0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:31:03Z/"}],"url":"https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-28070"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t76g-tka2-6bbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99761?format=json","vulnerability_id":"VCID-ttze-2s9v-qyet","summary":"Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0523","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47455","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47519","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47521","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47505","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47474","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47487","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0523"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0523"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttze-2s9v-qyet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99766?format=json","vulnerability_id":"VCID-u493-df5h-87ew","summary":"NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0712","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62563","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62609","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62617","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62607","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62592","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62606","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0712"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u493-df5h-87ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99709?format=json","vulnerability_id":"VCID-u93f-zch1-r7hh","summary":"The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7854","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49161","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49222","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49233","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49216","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49198","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126385?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-7854"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u93f-zch1-r7hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99824?format=json","vulnerability_id":"VCID-uwth-4y1z-xyhe","summary":"A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5646","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34964","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34929","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34907","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34944","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3498","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5646"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24235","reference_id":"24235","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://github.com/radareorg/radare2/issues/24235"},{"reference_url":"https://github.com/radareorg/radare2/issues/24235#issuecomment-2918847213","reference_id":"24235#issuecomment-2918847213","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://github.com/radareorg/radare2/issues/24235#issuecomment-2918847213"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311134","reference_id":"?ctiid.311134","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://vuldb.com/?ctiid.311134"},{"reference_url":"https://vuldb.com/?id.311134","reference_id":"?id.311134","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://vuldb.com/?id.311134"},{"reference_url":"https://vuldb.com/?submit.586923","reference_id":"?submit.586923","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://vuldb.com/?submit.586923"},{"reference_url":"https://drive.google.com/file/d/1PYNtV7Kx2OEgM9Cemb5FBlMJH_J1wux0/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://drive.google.com/file/d/1PYNtV7Kx2OEgM9Cemb5FBlMJH_J1wux0/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-5646"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwth-4y1z-xyhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99744?format=json","vulnerability_id":"VCID-vfmf-wepd-6fb4","summary":"In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15121","reference_id":"","reference_type":"","scores":[{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.75137","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.75167","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.7517","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.75163","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.75149","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.75176","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126398?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2020-15121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfmf-wepd-6fb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99711?format=json","vulnerability_id":"VCID-vg9g-swvc-mbb8","summary":"The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9520","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42244","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42254","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42227","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42191","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42201","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9520"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864533","reference_id":"864533","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864533"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126380?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-9520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vg9g-swvc-mbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99776?format=json","vulnerability_id":"VCID-w61g-p4tf-gqbu","summary":"heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1244","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37237","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37329","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37334","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37302","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37264","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37278","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1244"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1244"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w61g-p4tf-gqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99736?format=json","vulnerability_id":"VCID-w7qv-mcd3-dyb9","summary":"In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12790","reference_id":"","reference_type":"","scores":[{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63635","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63677","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63684","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63676","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63665","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12790"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344","reference_id":"930344","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126394?format=json","purl":"pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2019-12790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7qv-mcd3-dyb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99757?format=json","vulnerability_id":"VCID-wevc-2jmf-9uhw","summary":"Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0476","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45255","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45324","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45328","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45309","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45283","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45295","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0476"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0476"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wevc-2jmf-9uhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99802?format=json","vulnerability_id":"VCID-wqpx-2ueb-sbhy","summary":"NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4843","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19051","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18977","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1905","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21093","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21146","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21082","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4843"},{"reference_url":"https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f","reference_id":"075b2760-66a0-4d38-b3b5-e9934956ab7f","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f"},{"reference_url":"https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24","reference_id":"842f809d4ec6a12af2906f948657281c9ebc8a24","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/","reference_id":"FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/","reference_id":"OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126385?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-4843"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqpx-2ueb-sbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99786?format=json","vulnerability_id":"VCID-wsr2-mjvm-sfcg","summary":"Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1451","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37728","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.3774","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51225","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51286","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51271","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsr2-mjvm-sfcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99829?format=json","vulnerability_id":"VCID-wtpe-7vww-mkct","summary":"radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60360","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05641","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05601","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05638","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0566","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05642","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60360"},{"reference_url":"https://github.com/radareorg/radare2/pull/24245","reference_id":"24245","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:31:14Z/"}],"url":"https://github.com/radareorg/radare2/pull/24245"},{"reference_url":"https://usn.ubuntu.com/7915-1/","reference_id":"USN-7915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126419?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2025-60360"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtpe-7vww-mkct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99735?format=json","vulnerability_id":"VCID-x3pj-pam6-1qbh","summary":"In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8810","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45473","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45461","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8810"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895749","reference_id":"895749","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895749"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-8810"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x3pj-pam6-1qbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99738?format=json","vulnerability_id":"VCID-x6k2-ck4s-puhy","summary":"radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12829","reference_id":"","reference_type":"","scores":[{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.6967","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.6971","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.69718","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.69708","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00594","scoring_system":"epss","scoring_elements":"0.69696","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930590","reference_id":"930590","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930590"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126394?format=json","purl":"pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2019-12829"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6k2-ck4s-puhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99698?format=json","vulnerability_id":"VCID-xp5n-w2zh-3bbp","summary":"In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16358","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3991","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39992","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39995","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39967","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3994","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39958","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16358"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880619","reference_id":"880619","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126381?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2017-16358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xp5n-w2zh-3bbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99813?format=json","vulnerability_id":"VCID-xrmg-ca3z-s3an","summary":"Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29645","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22978","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22869","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22866","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22918","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22963","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29645"},{"reference_url":"https://github.com/radareorg/radare2/pull/22561","reference_id":"22561","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/"}],"url":"https://github.com/radareorg/radare2/pull/22561"},{"reference_url":"https://github.com/radareorg/radare2/commit/72bf3a486fa851797aa21887a40ba0e3d3a6d620","reference_id":"72bf3a486fa851797aa21887a40ba0e3d3a6d620","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/"}],"url":"https://github.com/radareorg/radare2/commit/72bf3a486fa851797aa21887a40ba0e3d3a6d620"},{"reference_url":"https://gist.github.com/Crispy-fried-chicken/83f0f5e8a475284d64bf99fb342e9027","reference_id":"83f0f5e8a475284d64bf99fb342e9027","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/"}],"url":"https://gist.github.com/Crispy-fried-chicken/83f0f5e8a475284d64bf99fb342e9027"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2024-29645"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrmg-ca3z-s3an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99793?format=json","vulnerability_id":"VCID-xw5m-wd9k-8qe4","summary":"A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28069","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45609","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45641","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45621","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45596","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46359","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46426","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28069"},{"reference_url":"https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a","reference_id":"49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:21:58Z/"}],"url":"https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-28069"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw5m-wd9k-8qe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99739?format=json","vulnerability_id":"VCID-y9hs-4bc5-mfgu","summary":"In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12865","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3949","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39495","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39466","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39436","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39451","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12865"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930704","reference_id":"930704","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930704"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126394?format=json","purl":"pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2019-12865"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9hs-4bc5-mfgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99755?format=json","vulnerability_id":"VCID-yaup-8tcz-1uc2","summary":"Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0139","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60937","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60985","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60993","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63716","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63704","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63723","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0139"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0139"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yaup-8tcz-1uc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99746?format=json","vulnerability_id":"VCID-yqew-v2ha-pqha","summary":"radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17487","reference_id":"","reference_type":"","scores":[{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67102","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67143","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67151","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67135","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67118","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67134","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126398?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2020-17487"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqew-v2ha-pqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99767?format=json","vulnerability_id":"VCID-ywpu-65jv-k3bw","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0713","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57202","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57253","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57261","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57249","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57236","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0713"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-0713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywpu-65jv-k3bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6288?format=json","vulnerability_id":"VCID-z563-bpf6-uydg","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11381","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48288","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48246","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11381"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126387?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2018-11381"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z563-bpf6-uydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99742?format=json","vulnerability_id":"VCID-z6qv-ndc3-e3ck","summary":"In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19590","reference_id":"","reference_type":"","scores":[{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86672","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86694","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86693","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86689","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86679","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86691","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19590"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947791","reference_id":"947791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947791"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126397?format=json","purl":"pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@4.2.1%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2019-19590"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6qv-ndc3-e3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99792?format=json","vulnerability_id":"VCID-z9v9-7nkq-pugf","summary":"A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28068","reference_id":"","reference_type":"","scores":[{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64309","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64297","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64286","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64307","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.6496","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64917","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28068"},{"reference_url":"https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992","reference_id":"637f4bd1af6752e28e0a9998e954e2e9ce6fa992","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:56:12Z/"}],"url":"https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126403?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-28068"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z9v9-7nkq-pugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99780?format=json","vulnerability_id":"VCID-zhqn-k9jd-abhx","summary":"Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1297","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42093","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42168","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42179","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42151","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42116","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42125","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1297"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126404?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/126378?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304783?format=json","purl":"pkg:deb/debian/radare2@6.1.6%2Bds-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.1.6%252Bds-2%3Fdistro=sid"}],"aliases":["CVE-2022-1297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhqn-k9jd-abhx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}